Hello. We have PCNS running smoothly on our domain; however, I am adding a new domain controller (all servers are running 2012 R2) and the PCNS client will not install. It gives me the following error:
Error 25006.The Forefront Identity Manager Password Change Notification Service Setup Wizard cannot write to the discretionary access control lists (DACLs). CN=domain\/fqdn,cn=Password Change Notification Service, CN=System,DC=our,DC=domain,DC=org. Ensure you have the correct permissions for this operation, and then try running this wizard again.
I am attempting to install the client with the same user account I used on the other domain controller. The account is a domain admin, and I have checked permissions in ADSI. I have searched, but I can't seem to find an actual resolution to this anywhere online. Any help would be greatly appreciated.